Disclosure Policies in the World of Cloud: A Look Behind the Scenes
Talk Title | Disclosure Policies in the World of Cloud: A Look Behind the Scenes |
Speakers | Lars Kurth (Director, Open Source, Citrix Systems UK Ltd) |
Conference | Open Source Summit North America |
Location | Vancouver, BC, Canada |
Date | Aug 27-31, 2018 |
URL | Talk Page |
Slides | Talk Slides |
The tech world does not live in silos: security vulnerabilities can impact an entire ecosystem (case in point: Meltdown and Spectre). How do open source projects and companies alike ensure that their security disclosure policies are up to standard, especially in the world of cloud computing? This session will introduce the different patterns for managing the disclosure of security vulnerabilities in use today and explore their trade-offs and limitations. We will look at the interaction between open source projects and downstreams (distros, product vendors, cloud providers or a combination of them), from the discovery of a vulnerability to it being fixed. This talk will give you a glimpse into the quite extensive machinery that kicks into gear across different organisations, behind the scenes, when security vulnerabilities are discovered and fixed.